SWITCH Security Report July/August 2022

Dear Reader

The latest issue of our bi-monthly SWITCH Security Report is available. The main topics of the current report are:

  • Disaster for DeFi protocol: Nomad loses USD 190 million
  • Certificate withdrawal for Hermit: Google and Apple respond to analysis of the Italian government trojan
  • Track the tracker: AirTags hit the headlines
  • Who is lord of the Rings? Dubious new TV show exploits footage from Amazon Ring security cameras

Download English Report

Download German Report

SWITCH Security Report May/June 2022

Dear Reader

The latest issue of our bi-monthly SWITCH Security Report is available. The main topics of the current report are:

  • Even cyclists aren’t safe from cybercrime
  • Rogue ads on the advance
  • When hackers join the team – ransomware and cryptotrojans spreading on Confluence Server and Data Center
  • Causing a hoot: Meeting Owl Pro more secure, but still four security gaps away from ‘secure’

Download English Report

Download German Report

SWITCH Security Report March/April 2022

Dear Reader

The latest issue of our bi-monthly SWITCH Security Report is available. The main topics of the current report are:

  • Google Chrome – 100 does it better. Zero-day attacks on the popular browser are multiplying
  • Huge hole on the Ronin Bridge: hacker steals more than USD 600 million from the Ronin blockchain
  • POP is king – patches on printers yet again
  • Mission Impossible, but in real life
  • Road hack: ransomware attack spares 3,000 road racers fines and other penalties

Download English Report

Download German Report

SWITCH Security Report January/February 2022

Dear Reader

The latest issue of our bi-monthly SWITCH Security Report is available.
The main topics of the current report are:

  • Good and evil in one square package: the comeback of the QR code
  • A first look at the Metaverse: hackers launch severe and targeted attacks on special data of the Red Cross and Red Crescent
  • The Ukraine war and the duplicity of the Metaverse
  • Apple AirTags – the “next big thing” in data misuse?

SWITCH Security Report November/December 2021

Dear Reader

The latest issue of our bi-monthly SWITCH Security Report is available.

The main topics of the current report are:

  • GoldDust but no nuggets: seven REvil partners caught, but the real orchestrators are still out there
  • EasyHack? Data belonging to COVID-19 loan recipients stolen from EasyGov platform
  • Tor under siege: massive de-anonymisation attacks target Tor network
  • No end to the virus in sight – do we need a patch campaign alongside a vaccination campaign?

> Download English Report | > Download German Report

SWITCH Security Report September/October 2021

Dear Reader


The latest issue of our bi-monthly SWITCH Security Report is available.

The main topics of the current report are:

  • Covid collateral damage: how the pandemic impacts IT security
  • Malware-as-a-service – advertised via Google Ads and supported by brazen PR
  • Advertising and reality: data stolen from 50 million T-Mobile US Inc. customers
  • Facebook face down – the temporary fall of the Zuckerberg empire

> Download English Report | > Download German Report

The electricity industry: the need for action on cybersecurity

The ‘Cybersecurity and cyber resilience in the Swiss electricity supply’ report by the Swiss Federal Office of Energy concludes that the electricity industry needs to take action on cybersecurity.

There’s no doubt that the electricity supply is most likely the most important of all critical infrastructures in a modern, digitalised society. In the Swiss Confederation, the electricity supply network is heavily fragmented – there are around 600 power plants supplying homes and businesses in the network. Unlike other critical infrastructures, the electricity sector must be viewed as a complex overall system from the perspective of cybersecurity. In view of the threat situation, this gives rise to major challenges.

Inside-it.ch columnist Martin Leuthold of the Switch Foundation has analysed the report entitled ‘Cybersecurity and cyber resilience in the Swiss electricity supply’ and gives his thoughts on four proposals made by the Swiss Federal Office of Energy (SFOE).

Who are the key market players in Switzerland?

The report starts by using the term ‘boundary conditions’ to propose that the SFOE define mandatory requirements and/or a risk-based minimum standard for key market players. In terms of the criteria for defining ‘key market players’, reference is made to the practice in neighbouring countries, which makes sense. How these parameters should be defined in Switzerland, however, remains unanswered. Realistically, the focus should initially be on 20 to 30 leading energy firms. We recommend looking for ways in which the many small utility suppliers can also be included in parallel with the industry.


SWITCH Security Report July/August 2021

Dear Reader

The latest issue of our bi-monthly SWITCH Security Report is available.

The main topics of the current report are:

  • Perhaps 1984 WAS like 1984 – a big blunder by Apple or simply brilliant advertising?
  • Pegasus: what IT users can learn from the ancient Greeks
  • The biggest hack in cryptocurrency history – fingerwagging or hacker vanity in its purest form?
  • In bed with Siri, Alexa and Uber – what is the privacy and data security situation for working from home?


> Download English Report | > Download German Report

One more Podcast – Security Awareness Insider

There are more than 2.6 million podcasts available on Spotify. For every possible topic you can find experts, famous people or entertainers talking about it. Among podcasts revolving around politics, sports, psychology, crime or history, there are also some that put the topic of information security in the spotlight.

“Back then: plant a tree, build a house, father a son. Today: have a podcast.”

A lot of security, but no awareness

If you are working in security awareness there is not much in it for you though. Most podcasts on security cover the topic by inviting one phishing simulation provider. But as you know, there is so much more to it!

This is why Marcus Beyer (Security Awareness Officer at Swisscom) and I decided to start our own podcast on security awareness only: Security Awareness Insider (in German).


The May/June 2021 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Back and forth in the pipeline: hacking and rehacking the US fuel firm Colonial Pipeline with Ransomware as a Service
  • Meat and greed – the world’s largest meat processing company pays a hefty USD 11 million ransom after a ransomware attack
  • When Android devices catch the flu: FluBot, the banking trojan, spreads to Android devices
  • Russian cyber spies attack government and NGO networks

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.

Android FluBot enters Switzerland

FluBot is a new Android malware first discovered in December 2020. During the first few months, FluBot was active in Spain, Hungary and Poland. Since then, development of the malware has advanced quickly and it has set foot in almost all European countries.

On 18 June 2021, FluBot version 4.6 was spotted, which added a configuration for Switzerland. As of today it is actively being spamvertised through SMS.

Alias Names

FluBot is known by different names. The name “FluBot” is best known because this was the name given in the first public technical write-up. Below are references to the best-known aliases:

  • January 2021, ThreatFabric was the first to give it the name “Cabassous” in a Twitter post
  • March 2021, ProDaft published a detailed technical report and gave it the name “FluBot”
  • April 2021, IBM Trusteer took a deeper look at the different FluBot versions and gave it the name “FakeChat”

Distribution

FluBot is distributed using smishing (a combination of the words SMS and phishing). The victim receives an SMS with a link to a URL which distributes the APK. The installation is straightforward using sideloading.

The March/April 2021 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Exploit on Exchange – vulnerabilities in Microsoft Exchange servers trigger a red alert
  • Learning by doing – data leaks discovered in the Swiss Army’s cyber training school
  • Rocky start(up) at Verkada – 150,000 surveillance cameras hacked
  • Refunds from the remorseful Ziggy ransomware gang
  • Data scraping on Facebook and LinkedIn: big data brings big damage

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.

The January/February 2021 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Dependency confusion – when trust is too good to be true
  • Water hacking – not a new trendy sport, but a serious threat
  • Emotet: the king is dead – let there be no successor!
  • Rumours of its death are greatly exaggerated: how phishing mailers trick cutting-edge security filters with good old Morse code

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.

The November/December 2020 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Choose your team carefully – hackers use fake MS Teams updates to attack networks, especially those of educational institutions
  • Audacious coronavirus relief phishing delivers an extra malware ‘bonus’ on request and creates a challenge for BEC
  • Stopping the attempt to stop online hate speech?
  • Close the gates before it’s too late: what Sneakers and the Internet of Things have in common

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.

The .ch zone file will be published as open data

The Swiss Federal Council adopted the subordinate legislation to the Telecommunications Act today. Among it is the Ordinance on Internet Domains, which also regulates the ccTLD .ch. SWITCH-CERT welcomes the new ordinance and the smart regulation by the Federal Office of Communications (OFCOM). The Ordinance on Internet Domains will come into force on 1.1.2021 and brings some important changes.

The most obvious is that the personal data of domain holders will no longer be published in the public whois, following other European countries and the GDPR. This is an important change to protect the privacy of domain holders. There will be regulated and monitored access for Swiss authorities and others that require that data for fighting cybercrime or have other legitimate reasons to get access to the identity of a domain holder. You can find more information on the SWITCH website.

Not so obvious, but just as important from the CERT and security perspective, is that the .ch zone file will be published as a whole. While the data about (active) .ch domains itself has always been published in the distributed Domain Name System, the file containing all domain names – the .ch “zone” – was never public. This will change as of January 2021; details on how to access the .ch zone file will be published on the SWITCH open data page soon.